The SITA principle for location privacy — Conceptual model and architecture

Most existing location privacy solutions suffer from being binary privacy or constrained to either identity, temporal, or spatial data. Furthermore, solutions which try to embrace location privacy more generally suffer from being overly complex. This limits the expressiveness and general applicability of such solutions, the consequence being that different location privacy implementations are restricted in the sense of which attacks they protect against. Furthermore, this makes it difficult to compare different solutions making it hard for developers to choose and add sufficient location privacy. In this paper we present the SITA conceptual model to solve the aforementioned problems. This novel location privacy model advocates simplicity as principle for location privacy, which is divided into the four fundamental dimensions of spatial, identity, temporal, and activity data. Each of these dimensions are divided into five levels of privacy to be easily comprehensible and complete at the same time. To demonstrate the applicability and feasibility of the conceptual model, we propose a general architecture and provide the AndSITA Android implementation. Furthermore, we demonstrate the applicability by developing an example location based service. We observe through these steps how the properties of the SITA conceptual model provides a more comprehensible and expressive way of providing location privacy, that will help bridge the gap between privacy on a conceptual level and practical use. The contribution of this paper is twofold: (1) we provide a complete, yet simple language to discuss and compare existing solutions and (2) we provide a simple architecture which aids developers in adding SITA privacy.